Stagefright is a media playback engine on Android that supports several media formats by default, features audio and video playback, session management, DRM and more.
It is also a name of a vulnerability, or a series of vulnerabilities that were recently discovered. Since Stagefright is a core Android technology, it is affecting (nearly) all devices running the operating system.
What makes the vulnerability particularly troublesome is that it can be executed passively. This means that devices can be attacked successfully without user input.
Basically, what it does is send a specially prepared MMS (Multimedia Message Service) to devices. Since Android devices are configured by default to download and process these messages automatically, attacks are executed in the background.
The vulnerabilities allow attackers to run code remotely on the device, for instance by executing code, using device sensors or snooping around.
Only devices running Android 2.2 or older are not affected by Stagefright at this point in time.
Since attacks require that MMS are automatically downloaded to the system, disabling that ability seems to be one of the better options to protect a device from attacks.
- Open the Messenger application you are using. I'm using the default Messenger app on a Moto G running Android 5.0.1.
- Open the preferences with a tap on the three dots in the upper right corner and selecting settings from the context menu.
- Scroll down until you find the Multimedia (MMS) messages section.
- Uncheck "auto retrieve".
If you are using a different messaging application, you will need to find out whether it supports the blocking of MMS messages by default as well.
Most should provide you with such an option but some may not. If your texting application does not support the disabling of the feature, you may want to consider switching it to a different one for the time being until the issue is resolved.
This is done in the Android settings under More > Default SMS app. Again, the location of the setting may vary depending on your version of the operating system
Most manufacturers are slow when it comes to delivering patches to end users and it may take a while before the vulnerability is patched on most devices. If you run CyanogenMod, you should receive updates this week as the issue has already been patched.